Privacy Policy

1. Purpose of this privacy policy

Honely is a home renovation planning application designed for UK homeowners. We take your privacy very seriously. Please read this policy carefully because it contains important information on who we are and how and why we collect, use, store, and protect your personal information (your information) when you use our mobile application (the app) and our website honely.co.uk (the website).

This privacy policy also explains your rights in relation to your information and how to contact us or the relevant regulator in the event you have a complaint. Our collection, storage, use and sharing of your information is regulated by law, including under the UK General Data Protection Regulation (UK GDPR).

We are the controller of your information obtained via the app and the website, meaning we are the people responsible for deciding how and for what purpose(s) it is used.

For more information about who we are, see the ‘How to contact us’ section below.

The app is only on UK app stores and both the app and the website are solely intended for use by people in the UK.

2. Information we collect

The information we collect about you depends on the particular activities carried out through the app and the website. We will collect and use the following information about you, some of which is protected by UK GDPR:

2.1 Account and profile information

• Registration details: your name, email address, and password, or social sign-in credentials via Apple Sign In or Google Sign In (managed by Clerk)
• Profile information: display name and, optionally, a profile photo (avatar)
• Onboarding data: your renovation stage (e.g. planning, in progress, completed), DIY experience level and skill ratings, and monthly budget figure. Some of these fields are optional but are stored if you provide them.
• Account status: subscription tier (free or paid), onboarding completion status, and notification preferences including quiet hours settings
• Biometric authentication: if you enable Face ID or Touch ID unlock, we store a flag indicating biometric unlock is active. The biometric data itself (your faceprint or fingerprint) is processed entirely on your device by iOS and is never sent to or stored on our servers.

2.2 Property information

• Location: your area-level address (e.g. “St Margarets and Twickenham”) and postcode district. We do not collect your specific street address or house number.
• Property characteristics: house type (e.g. terraced, semi-detached, detached), construction era (e.g. Victorian, 1930s, post-war), number of bedrooms, internal footprint in square metres, and EPC energy rating
• Ownership status: whether the property is owned, rented, let out, sold, or on the market
• Purchase details (optional): purchase price and purchase year, if you choose to provide them
• Room data (optional): room types, sizes, and floor levels for rooms you add to your property profile
• Other information about your property you choose to provide

2.3 Project and task data

• Renovation project details: project names, descriptions, target dates, budgets, and progress status
• Tasks: task names, descriptions, priorities, estimated durations, dependencies, milestones, subtasks, and status. All status changes are logged with timestamps for audit trail purposes.
• Other information about your projects and tasks you choose to provide

2.4 Financial data

• Budget allocations by category (materials, labour, fixtures, contingency)
• Expense records including amount, category, date, vendor/supplier name, payment method (cash, card, bank transfer, finance, cheque), and optional receipt photo
• Contractor quotes entered for comparison against regional benchmarks
• Community cost submissions: if you choose to submit your actual renovation costs to our Community Cost Intelligence (CCI) system, these costs are aggregated and anonymised to generate benchmark data shown to other users. See Section 4.2 for details on this data flow.
• Calculator results: inputs and outputs from materials calculators (paint, tiles, flooring), linked to your postcode district and job category
• Other financial data you choose to provide

2.5 Photos, documents, and files

• Before, during, and after renovation photos linked to projects and tasks
• Documents including certificates, warranties, quotes, invoices, insurance documents, planning permissions, building regulations approvals, EPC certificates, gas safety certificates, electrical certificates, asbestos reports, surveys, receipts, contracts, and other files you upload. Each document may have an expiry date you set for reminder purposes
• Other photos, documents and files you choose to upload to the app

2.6 Tradesperson data

• Tradesperson profiles: name, trade type, company name, phone number, email address, website URL, postcode district, qualifications, source (how you found them), and notes
• Trade reviews: if you rate a tradesperson, we store your ratings (overall, punctuality, quality, value, communication, tidiness) and any written comments
• Scheduled visits: appointment details including quoted amounts, actual costs, deposit amounts, payment status, emergency callout flags, and cost variance reasons
• Other tradesperson data you choose to provide

2.7 Tools and materials inventory

• Tools: tool names, categories, conditions, purchase dates, and costs
• Materials: material names, quantities, costs, vendors, and purchase status
• Other information about tools and materials you choose to provide

2.8 Community content

• Forum posts, replies, photos and other information you choose to share in the community forum
• Any house-type or location context you opt to include in your posts

2.9 Communications and feedback

• Messages you send to us via email or in-app feedback
• Survey responses from programme surveys

2.10 Information collected automatically

• Device information: device model, operating system version, unique device identifiers, and app version
• Usage data: features used, screens viewed, session duration, and interaction patterns (collected via PostHog)
• Crash and performance data: error logs, stack traces, and performance diagnostics (collected via Sentry)
• Push notification tokens: device tokens required to deliver push notifications (managed via Expo Push Notifications)
• Status history: all status changes to tasks, projects, and visits are logged with timestamps and your user ID for audit trail purposes

2.11 Information from third-party sources

• Property market data: regional cost benchmarks, sold prices per square foot, price growth data, conservation area status, flood risk, energy efficiency ratings, listed building proximity, and market demand indicators sourced from PropertyData API for your postcode district. This data relates to geographic areas, not to you personally.

3. Collection and use of your information

3.1 How we collect your information

We collect personal information from you directly when you input it into the app and website, and indirectly including while you are using the app or website.

You are not required by law to provide any of the information described in this policy. However, we need a minimum set of information to provide the service to you: specifically, the account details required to create your account (such as your name and email address, or your social sign-in credentials). Without these, we cannot create your account or provide the app. All other information (including property details, project data, photos, and optional fields in onboarding) is provided voluntarily. You can choose not to provide optional information, or to delete it at any time, without affecting your ability to use the core service.

3.2 How we use your information

Under data protection law, we can only use your information if we have a proper reason, including:

• where you have given consent
• to comply with our legal and regulatory obligations
• for the performance of a contract with you or to take steps at your request before entering into a contract, or
• for our legitimate interests or those of a third party.

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own. You can obtain details of this assessment by contacting us.

We use your information for the following purposes, with the corresponding lawful basis under UK GDPR:

3.3 How we store your information

The Honely app stores data locally on your device to enable offline functionality:

• AsyncStorage: stores your app preferences, onboarding state, and non-sensitive settings locally
• SecureStore: stores your authentication tokens securely on your device using iOS Keychain

This on-device data persists until you log out or delete the app. It is protected by your device's built-in security (including any passcode, Face ID, or Touch ID you have enabled).

4. Automated processing and community cost intelligence

4.1 Automated decision-making and profiling

Honely uses the following automated processing to provide its core features:

• Regional price multipliers: Your postcode district is used to calculate a regional price adjustment factor (based on local property values relative to the UK average) that is applied to cost estimates and quote validations.
• House-type and era warnings: Your confirmed house type and construction era are matched against a lookup table of common renovation considerations (e.g., alerting Victorian terrace owners to potential lath-and-plaster issues).

These features use rule-based logic, not artificial intelligence. They provide general guidance and do not make decisions that produce legal or similarly significant effects on you. You are free to disregard any estimate or warning. We recommend seeking professional advice before making financial decisions.

4.2 Community Cost Intelligence (CCI)

Honely operates a Community Cost Intelligence system that improves the accuracy of renovation cost benchmarks over time. Here is how it works:

• Opt-in submission: You may choose to submit your actual renovation costs (amounts, job categories, and postcode district) to the CCI system. This is entirely voluntary. If you do, we will retain and use the data in the manner set out in this privacy policy.
• Aggregation and anonymisation: Submitted costs are aggregated with other users' submissions. Individual costs are anonymised before being used to calculate benchmarks. No personally identifiable information is included in the benchmark data shown to other users.
• Benchmark output: The aggregated data is used to refine the cost ranges shown to all users for quote validation and budget planning.
• Data pipeline: CCI data flows through Convex to Google BigQuery (via Airbyte) for aggregation, and processed benchmarks may be published via Google Sheets for internal review before being served to users.

The lawful basis for CCI processing is your consent (Art. 6(1)(a)). You can withdraw consent at any time by contacting us, at which point your future submissions will not be included. Previously aggregated and anonymised data cannot be disaggregated.

5. Who we share your information with

We routinely share your information with the following categories of third parties. Each acts as a data processor on our behalf, except for Apple, which acts as an independent controller in respect of payment information and in-app purchase data it collects directly from you. We do not receive your payment card details.

Note that PropertyData API supplies us with aggregated regional property statistics (cost benchmarks, sold prices, growth data, risk flags) at the postcode district level. We send only a postcode district to PropertyData, not any personal data. PropertyData does not process personal data on our behalf and is therefore not listed as a data processor. The source of this data is described above.

We only allow the third parties referred to above to handle your information if we are satisfied that they take appropriate measures to protect your information. We also impose contractual obligations on service providers to ensure they can only use your information to provide services to us and to you.

We do not sell your data to third parties. We do not share your data with third parties for their own marketing purposes.

We or the third parties mentioned above occasionally also need to share your information with:

• external auditors in relation to accounts, who will be subject to confidentiality obligations
• our or their professional advisers, who will be subject to confidentiality obligations
• law enforcement agencies, courts or tribunals and regulatory bodies to comply with legal and regulatory requirements, and
• other parties that have or may acquire an interest in our business (and our and their professional advisers) in connection with potential or actual transactions, restructuring, merger, acquisition etc. Usually, information will be anonymised, but this may not always be possible. The recipient of any information will be subject to confidentiality obligations.

If you would like more information on who we share your information with and why, please contact us.

6. International data transfers

Countries outside the UK have different data protection laws, some of which may provide lower levels of protection of privacy. It is sometimes necessary for us to transfer your information to countries outside the UK.

Where your personal information is transferred outside the UK, we ensure appropriate safeguards are in place. Under data protection laws, we can only transfer your information to a country outside the UK where:

• the UK government has decided the particular country ensures an adequate level of protection of your information (known as ‘adequacy regulation’) further to Article 45 of UK GDPR
• there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for you, or
• a specific exception applies under relevant data protection law.

We may transfer your personal information outside the UK to countries in the European Union and to the United States of America based on:

• an adequacy regulation under Article 45 of the UK GDPR (for transfers to countries in the European Economic Area, which the UK government has designated as providing an adequate level of data protection); or appropriate safeguards under Article 46 of the UK GDPR, specifically: (i) the UK Extension to the EU-US Data Privacy Framework, where the recipient is certified under that framework; or (ii) the UK International Data Transfer Agreement, or the UK Addendum to the European Commission's Standard Contractual Clauses, together with any supplementary measures required following a transfer risk assessment.

In the event we cannot or choose not to continue to rely on either of the mechanisms set out above at any time, we will not transfer your information outside the UK unless we can do so on the basis of an alternative mechanism or exception provided by UK data protection law.

We will notify you of any changes to the destinations to which we send your information or in the transfer mechanisms we use to transfer your information internationally in accordance with the section on ‘Changes to this policy’ below.

7. How long we keep your data

We keep your data for the following periods of time:

When you delete your account, we delete or anonymise your data including your information within 30 days, except where we are required to retain it by law (e.g., financial records for tax purposes) or where data has already been irreversibly anonymised (e.g., aggregated CCI benchmarks).

8. Your rights

Under UK GDPR, you have the following rights regarding your information, which you can usually exercise free of charge:

• Right of access (Art. 15): The right to be provided with a copy of the information we hold about you.
• Right to rectification (Art. 16): The right to require us to correct inaccurate personal information.
• Right to erasure (Art. 17): The right to require us to delete your data. You can also delete your account directly within the app.
• Right to restrict processing (Art. 18): The right to limit how we use your data in certain circumstances.
• Right to data portability (Art. 20): The right to require that your information is held in a structured, commonly used, machine-readable format.
• Right to object (Art. 21): The right to object to processing based on legitimate interests, including any profiling.
• Right not to be subject to automated decision-making (Art. 22): You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.
• Right to withdraw consent: Where processing is based on consent (e.g., marketing emails, push notifications, CCI submissions, biometric unlock), you have the right to withdraw your consent at any time without affecting the lawfulness of processing before withdrawal.

For further information on each of these rights, including the circumstances in which they do and do not apply, please contact us. You may also find it useful to refer to the guidance from the UK's Information Commissioner on your rights under UK GDPR.

To exercise any of these rights, contact us at privacy@honely.co.uk. When contacting us, please provide enough information to identify yourself and any additional information we may reasonably request from you, and let us know which right(s) you want to exercise and the information to which your request relates.

If your request engages one or more of the rights set out above, we will respond to you within one month. If your request is complex, we may extend this by a further two months and will inform you if so.

9. Device permissions

The app may request the following device permissions:

• Camera: To take photos of your renovation progress, documents, and other photos you choose to take using the app. Only accessed when you choose to take a photo.
• Photo Library: To upload existing photos to your projects, to the community forum, and to any other part of the app to which you choose to upload photos. Only accessed when you choose to select a photo.
• Calendar (EventKit): To sync renovation tasks, tradesperson appointments, deadlines and other events with your iOS calendar. Honely may create, modify, or delete calendar events you create through the app only. Bidirectional sync means changes in your iOS calendar to Honely-created events will also be reflected in the app.
• Face ID / Touch ID: To enable biometric unlock of the app. Biometric data is processed on-device by iOS and never leaves your device. Honely only receives a success/failure result.
• Notifications: To allow us to send you push notifications for appointment reminders, task due dates, document expiry alerts, beta programme communications, and any other notifications you choose to receive on the app.
• File Access: To allow you to upload documents (certificates, warranties, receipts etc.) to the app from your device.

You can manage these in your device settings on your device at any time.

10. Keeping your information secure

We implement appropriate technical and organisational security measures to protect your information from accidentally being lost, or used and accessed unlawfully, including:

• Encryption of data in transit (TLS/HTTPS) and at rest
• Secure authentication via Clerk with Apple Sign In and Google Sign In
• Authentication tokens stored securely on-device via iOS SecureStore (Keychain), and app preferences stored via AsyncStorage, protected by your device's security settings
• Access controls limiting data access to authorised personnel
• Regular security reviews of our infrastructure and third-party processors

We limit access to your information to those who have a genuine business need to access it. While we take reasonable steps to protect your data, no system is completely secure. We have procedures in place to deal with any suspected data security breaches. Where a personal data breach meets the threshold for notification under the UK GDPR, we will notify the Information Commissioner's Office within 72 hours of becoming aware of it, and will notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms.

11. How to complain

Please contact us if you have any queries or concerns about our use of your information. We hope we will be able to resolve any issues you may have.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

• Website: ico.org.uk/make-a-complaint
• Telephone: 0303 123 1113
• Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

12. App updates

We may deliver updates to the app through the App Store or via over-the-air (OTA) updates using Expo Application Services (EAS). OTA updates allow us to fix bugs and improve features without requiring you to download a new version from the App Store. These updates deliver code changes only and do not access, collect, or transmit your data.

13. Children's data

Honely is designed for UK householders and homeowners and is not intended for use by anyone under the age of 18. You are asked to confirm you are 18 or over when you create an account, and by using the app you represent that you are. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us at privacy@honely.co.uk so that we can delete their data.

14. Cookies and similar technologies

The website uses cookies and similar technologies, including:

• Essential cookies: Required for the website to function. These do not require consent under PECR.
• Analytics cookies: PostHog analytics to understand how visitors use our website. These require your consent.
• Marketing cookies: MailerLite may set cookies for email campaign tracking. These require your consent.

The app does not use browser cookies. Analytics in the app are collected through the PostHog SDK, which is covered above.

15. Changes to this policy

We may update this privacy policy from time to time. When we make material changes, we will notify you by email or through a prominent notice in the app before the changes take effect. The date at the top of this policy indicates when it was last updated.

16. How to contact us

The app and the website are provided by Toby Rigby, trading as Honely, a sole trader established in the United Kingdom (we, our, or us when used above).

For any questions about this privacy policy or how we handle your personal data:

• Email: info@honely.co.uk
• Post: Honely, Lytchett House, 13 Freeland Park, Wareham Road, Poole, Dorset, BH16 6FA